The API client has Lookup certificates and their chain embedded into the library. We would need to update these and release a new version of the libraries before updating Lookup Web Server and LDAP SSL certificates. Putting it as a placeholder and ~"priority::0 Highest" as the certificate is expiry on the 1st of December and we need to give people warning in advance about the change. Tasks: - [x] Update Python Library https://gitlab.developers.cam.ac.uk/uis/devops/django/ucamlookup/-/issues/16 - [x] Update PHP Library https://gitlab.developers.cam.ac.uk/uis/devops/iam/ibis/ibis-client/-/issues/5 - [x] Comms about updated libraries and change of certificate deadlines ([briefing note](https://docs.google.com/document/d/1LOeWNPNTYbDFMhsZxg3Q9iBpJDvNChwizKbmXrOA9wA/edit#)) https://gitlab.developers.cam.ac.uk/uis/devops/iam/ibis/ibis-client/-/issues/8 - [x] Update https://www.lookup.cam.ac.uk/doc/ws-doc/ https://gitlab.developers.cam.ac.uk/uis/devops/iam/ibis/ibis/-/merge_requests/30 - needs deployment - [x] Remove unused certs https://gitlab.developers.cam.ac.uk/uis/devops/iam/ibis/ibis-client/-/merge_requests/6 - [x] Update all apps that use these libraries - [x] IAR: https://gitlab.developers.cam.ac.uk/uis/devops/iar/webapp/-/issues/36 - [x] Card API: https://gitlab.developers.cam.ac.uk/uis/devops/iam/card-database/card-api/-/issues/135 - [x] API Gateway login and consent app: https://gitlab.developers.cam.ac.uk/uis/devops/api/login-and-consent-webapp/-/issues/8 - [x] ~~tokens.uis: https://gitlab.developers.cam.ac.uk/uis/devops/network-access/network-access/-/issues/6~~ - [x] covid: https://gitlab.developers.cam.ac.uk/uis/devops/covid-pool/webapp/-/merge_requests/36 - [x] gsuite: https://gitlab.developers.cam.ac.uk/uis/devops/gsuite/preferences-webapp/-/merge_requests/14 deploy is https://gitlab.developers.cam.ac.uk/uis/devops/gsuite/deploy/-/merge_requests/11 - [x] lecture capture: https://gitlab.developers.cam.ac.uk/uis/devops/lecture-capture/preferences-webapp/-/merge_requests/12 - [x] shib metadata: https://gitlab.developers.cam.ac.uk/uis/devops/raven/shibboleth-metadata/-/merge_requests/32 - [x] research dashboard: https://gitlab.developers.cam.ac.uk/uis/devops/research-dashboard/webapp/-/merge_requests/244 - [x] tls certs: https://gitlab.developers.cam.ac.uk/uis/devops/tls-certificates/tlscerts/-/merge_requests/49 - [x] self service gateway: https://gitlab.developers.cam.ac.uk/uis/devops/ssgw/webapp/-/merge_requests/272 - [x] smi - consumes ucamlookup through automationcommon, will need a rebuild and deploy once automationcommon updated: https://gitlab.developers.cam.ac.uk/uis/devops/django/automationcommon/-/merge_requests/19 - build pipeline running: https://gitlab.developers.cam.ac.uk/uis/devops/uga/smi/-/pipelines/134061 - [x] boilerplate: https://gitlab.developers.cam.ac.uk/uis/devops/webapp-boilerplate/-/merge_requests/58 - [x] Smoke test one of the dev-group apps against Lookup test to ensure that they will accept the new certificate - @wgd23 has done this against the SMS running locally - as well as swapping the deployed passwords-test over to using Lookup test. All fine.